1

RIZVI LAW COLLEGE

NAME: SAHIL RAJU DESHPANDE SEAT NO: 24

PHONE NO: 9920028676

EMAIL ID:[email protected]

TOPIC

THE ROLE OF CYBER LAW OF CYBERSECURITY IN INDIA

 2

Abstract

The present study experimentally investigated the role of cyber law of cybersecurity in India the
following data gathered from executive agencies like “Ministry of Electronics and Information
Technology (MeitY) of the Union government, which is the parent department of Indian
Computer Emergency Response Team (CERT-in). The article topic strikes interest as
cybersecurity is a rising concern in the modern world and the necessity of the laws surrounding
the matter.

India has the highest percentage of internet users who have experienced cybercrime at 76% to
prevent such modern crimes the Government needs law and orders according to them. We
examine the role of these cyber laws. As per general digital regulation definition ,cyber law is
‘Enhancing the protection and cyber-resilience of critical information infrastructure’(Digital
Regulation Platform, 2021)

To lay it out plainly, regulation arrangements with digital wrongdoings. Many cybersecurity laws
depend mainly on each country’s territorial extent. The punishments for the same also vary
according to the offence committed, ranging from fines to imprisonments. Cybercrime is not
characterized in the (Information Technology Act 2000), “any offence or wrongdoing wherein a
PC is utilized is digital wrongdoing. Internet regulation covers many subjects, including parts of
agreement regulation, security regulations, and protected innovation regulations. Besides the
framework gives a design to electronic trade exchanges and electronic documenting of
structures. As web based business has expanded it is evident that people take advantage of the
technology and commit cybercrime for that reason appropriate guidelines are set up to forestall
acts of neglect. Cyber fraud is a subspecies of cybercrime which also requires an internet with
the intent of giving false information to get money or property by tricking their victim any many
crimes ranging from hacking, phishing and identity theft resulting in loss of financial assets.1

1
Digital Regulation Platform, 2021, Information Technology Act 2000
 3

Conclusion: In my opinion, cyber laws are as all other laws a necessary regulation as in a general
public that is reliant increasingly more on innovation, wrongdoing in light of electronic
regulation breaking will undoubtedly increment, and legislators need to exceed all expectations
contrasted with the frauds to keep them under control. Technology and innovation have two
sides of a coin on either side one can use it for betterment of the society and the latter can use to
for selfish, greed and harmful purposes, There is a need for legislators to take extra precautions
to keep ahead of the imposters so that they can act against them as soon as they arise. It can be
prevented if lawmakers, internet providers, banks, shopping websites and other intercessors work
together. However, ultimately, it is up to the users to participate in the fight against cyber crime.
Increase in online safety and durability to take place is through the consideration of the actions of
these stakeholders, ensuring they stay within the confines of the law of cyberspace.

Indian IT ACT 2000 was a major move in rules and regulations of a developing India which
contain the cyber laws and made electronic formats and communication legally recognized.
Thus, Cyber laws in India concomitantly helped the nation grow digitally without concerns of
malicious intent.
 4

Before we look at the provisions, rules and regulations let’s take a look at the various
digital/cybercrime.

Cybercrime against Persons, which mean “Cyberstalking” which is defined as the repeated use of
email or related electronic communication streams to annoy, threaten or alarm an individual or
group of individuals, “Impersonation” which means whoever mimics or imitates someone else
by giving any bogus data or biometric data, “Loss of privacy”, privacy is fundamentally about
controlling your own asset or data or information of any kind locked away from anyone except
you, loss of privacy can result in harm to individuals by means of embarrassment to identity
theft, “Electronic Harassment”, repeated, unsolicited, hostile behavior by a person with
malicious intent through cyberspace with the intent to terrify, intimidate, humiliate, threaten,
harass or stalk someone.

Cybercrime against Property, trespassing another computer which means getting to a computer
without authorization and acquiring monetary data from an office or organization from any
guarded computer. “Cybervandalism”, its motive is to be hostile and destructive as follows

“Transmission of harmful programmes”, they are conveyed as email connections, malevolent

code on suspect sites or through removable media like blaze drives. Cybercriminals carry out
these infections for a scope of purposes. “Siphoning of funds from financial orgs” siphoning
money by making phone calls is a technique used by cybercriminals, victims often make
mistakes revealing banking details over the phone as cybercriminals pose as banking officials.

Data theft is the most common problem in the cyberspace or also called information theft, it’s the
unlawful exchange of private or monetary information, such as passwords, programming code or
calculations. “Copyright”, copyright infringement in cyberspace is a type of intellectual property
theft, which can prompt huge security issues and lawful punishments. Basically, using someone
else’s work who has right over it without an agreement or authorization might be viewed as at
fault for copyright infringement.

Cybercrime against Government, hacking government websites or wrongdoing against the

government is called cyber terrorism. It means taking advantage of government websites,
military websites and circulating classified files, these criminals are fear based oppressors or
 5

hostile government of different countries. “cyber extortion” it happens when cybercriminals take
steps to use data which is secret to extort money for safekeeping of the private data.

“Computer Viruses” often used by criminals to help commit cybercrimes. They are delivered as
email attachments, malicious code on suspect websites or through removable media such as flash
drives. Cybercriminals implement these viruses for a range of purposes. Some other cybercrimes
include logic bombs, spamming, viruses, worms, Trojan horses, email bombing, email abuse, etc.

Necessity of Strict Cyber Laws In India

Nowadays, everybody is moving towards the span of digitalization and networking, which
beyond the shadow of doubt, has its benefits. With modern world changing at a speedy rate the
same amount of criminal offences also develop with time and grow out of hand if not for cyber
laws. The new generation of the technological era has to deal with various cybercrimes, almost
everybody is impacted by digital regulation in the present digitalized world. For instance
exchanges is shares are in a demand structure, companies and organizations keep their
confidential information and data in electronic form.

In cases like tax fraud, homicide, significant proof is tracked down in computers and mobile
devices by tracking calls emails and sms. Cybercrime cases include monetary cheating, source
code robbery, visa extortion, tax avoidance, hacking and porn are becoming standard.

Cyber Laws in India are contained in the (Information Technology Act 2000) , which came into force
on October 17, 2000. The acts primary purpose is to provide legal recognition for transactions
carried out by means of electronic data interchange and other means of electronic2
communication and facilitate filing electronic records with the Government. It was introduced by
then Minister of Communications and information technology, Pramod Mahajan. The currency
laws of India, even with the most understanding and broad-minded interpretation could not be
interpreted in the light of upcoming cyberspace to get all things relating to various activities in
cyberspace. The functional experience and the insight of judgement found that it will not be
without huge dangers and entanglements assuming the current regulations were to be deciphered
in the situation of arising cyberspace without ordering new cyber regulations. Thus, the
requirement for authorization of significant cyber regulations.

2
Information Technology Act 2000.
 6

None of the current regulations gave legitimacy or approval to the exercises in cyberspace. For
instance, the internet is involved by a more significant part of clients for email. However, email
is still not “lawful” in our country. There is no regulation in the country, which gives legal
legitimacy, and approval to email. Courts and legal executives in our nation have been hesitant to
allow legal acknowledgement of the legitimacy of email without any specific regulation being
ordered by the parliament and as required for Cyber regulation.

“The Boys Locker Room Case”3 the investigation of an Instagram group chat started by a group
of students from Delhi, India in 2020, the group chat’s purpose was to share obscene images of
women, many of them underage were posted without their consent along with offensive
comments, including mentions of gang rape. Members of the group threatened to leak nude
photographs of the women who reported them. In May 2020, the Delhi Commission for Women4
condemned the group and the cyber unit of the Delhi police initiated probe and lodged and FIR
against the teen boys under the Indian Penal Code, 18605 and the IT Act 20006. There are certain
legal provisions that are explicitly crafted to address such issues. Section 66-E of the IT Act,
2000 lays down the law for violating the privacy of a person by sharing the pictures of private
areas of a person without their consent. The punishment it renders for such an act is either
imprisonment for not less than three years or a fine of rupees two lakhs maximum or both. This
is to be read in conjunction with Article 21 of the Indian Constitution which entitles a person’s
right to privacy which has been given legal recognition in K.S Puttaswamy v. UOI 7 which protects
the right to privacy and personal space of a person which is not to be infringed by anyone. In this
this which is clear that the member of the boy’s locker room group infringed the personal space
of the girls which should not have done at any cost. The sharing of images of underage girls was
a violation of the (Protection of Children from Sexual Offences Act, 2012)8. The information on the “boy’s
locker room” group had become public knowledge. So, the cyber cell decided to investigate. It
arrested the admin of the Instagram chat group. The devices of identified members were seized
and sent for forensic analysis.

3
https://en.wikipedia.org/wiki/Bois_Locker_Room 2020 ,
4
https://en.wikipedia.org/wiki/Delhi_Commission_for_Women,
5
Act No. 45 of Indian Penal Code 1860
6
Information Technology Act 2000
7
Justice K.S. Puttaswamy (Retd) Vs Union of India (2017) 10 SCC 1
8
POCSO Act 2012,
 7

“The Bank NSP Case”, in this case the trainees of bank management were engaged in marriage.
“The pair had been using the company’s computers to exchange several letters. They had broken
up their marriage after some time and she made a fake email id which was sent to the foreign
customers”. She used the bank computer to send these emails. These result in the loss of large
consumers. The bank was held liable for these emails.

“State of Tamil Nadu v. Suhas Katti” 9 the case of Suhas katti is notable for the fact that the
conviction was achieved successfully within a relatively quick time of 7 months from the filing
of the FIR. Considering that similar cases have been pending in other states for a much longer
time, the efficient handling of the case which happened to be the first case of the Chennai Cyber
Crime cell going to trial deserves a special mention. The case related to posting of obscene
harassing and annoying messages about a divorcee woman in the yahoo message group. Emails
were also forwarded to the victim for information by the accused through a false e-mail account
opened by him in the name of the victim, the posting of the message resulted in annoying phone
calls to the lady in the belief that she was soliciting. The court relied upon expert witnesses and
other evidence produced before it , and came to the conclusion that the crime was conclusively
proved.

“Smc Pneumatics(India) Pvt. Ltd v. Shri Jogesh Kwatra”10 this was India’s first case of cyber
defamation, a court of Delhi assumed jurisdiction over a matter where a corporate’s reputation
was being defamed through emails and passed and important ex-parte injunction. In this case, the
defendant Jogesh Kwatra being an employ of the plaintiff company started sending derogatory,
defamatory, obscene, vulgar, filthy and abusive emails to his employers as also to different
subsidiaries of the said company all over the world with the aim to defame the company and its
managing director Mr. R K Malhotra.

The plaintiff filed a suit for permanent injunction restraining the defendant from doing his illegal
acts of sending derogatory emails to the plaintiff.

On behalf of the plaintiffs it was contended that the emails sent by the defendant were distinctly
obscene, vulgar, abusive, intimidating, humiliating and defamatory in nature. Counsel further
argued that the aim of sending the said emails was to malign the high reputation of the plaintiffs
9
Suhas katti v. state of tamil nadu, C No. 4680 2004
10
Smc Pneumatics(India)Pvt. Ltd v. Shri Jogesh Kwatra, 2014
 8

all over India and the world. He further contended that the acts of the defendant in sending the
emails had resulted in invasion of legal rights of the plaintiffs. Further the defendant is under a
duty not to send the aforesaid emails. It is pertinent to note that after the plaintiff company
discovered the said employ could be indulging in the matter of sending abusive emails, the
plaintiff terminated the services of the defendant.

After hearing detailed arguments of Counsel for Plaintiff, Hon'ble Judge of the Delhi High Court
passed an ex-parte ad interim injunction observing that a prima facie case had been made out by
the plaintiff. Consequently, the Delhi High Court restrained the defendant from sending
derogatory, defamatory, obscene, vulgar, humiliating and abusive emails either to the plaintiffs
or to its sister subsidiaries all over the world including their Managing Directors and their Sales
and Marketing departments. Further, Hon'ble Judge also restrained the defendant from
publishing, transmitting or causing to be published any information in the actual world as also in
cyberspace which is derogatory or defamatory or abusive of the plaintiffs.

This order of Delhi High Court assumes tremendous significance as this is for the first time that
an Indian Court assumes jurisdiction in a matter concerning cyber defamation and grants an ex-
parte injunction restraining the defendant from defaming the plaintiffs by sending derogatory,
defamatory, abusive and obscene emails either to the plaintiffs or their subsidiaries.

“|Avnish Bajaj v. State (NCT) of Delhi (Bazee.com case)”11

The case involved an IIT Kharagpur student Ravi Raj, who placed on the baazee.com a listing
offering an obscene MMS video clip for sale with the username alice-elec. Despite the fact that
baazee.com have a filter for posting of objectionable content, the listing nevertheless took place
with the description, “Item 27877408 – DPS Girls having fun!!! full video + Baazee points.” The
item was listed online around 8.30 pm in the evening of November 27th 2004 and was

11
(2008) 105 DRJ 721: (2008) 150 DLT 769  
 9

deactivated, around 10 am on 29th November 2004. The Crime Branch of Delhi police took
cognizance of the matter and registered an FIR. Upon investigation, a charge sheet was filed
showing Ravi Raj, Avnish Bajaj, the owner of the website and Sharat Digumarti, the person
responsible for handling the content, as accused. Since, Ravi Raj absconded; the petition was
filed by Avnish Bajaj, seeking the quashing of the criminal proceedings.

“Infinity e-Search BPO Case”

The Gurgaon BPO fraud has created an embarrassing situation for Infinity e-Search, the
company in which Mr Karan Bahree was employed.
A British newspaper had reported that one of its undercover reporters had purchased personal
information of 1,000 British customers from an Indian call-center employee. However, the
employee of Infinity eSearch, a New Delhi-based web designing company, who was reportedly
involved in the case has denied any wrongdoing. The company has also said that it had nothing
to do with the incident.
In the instant case the journalist used an intermediary, offered a job, requested for a presentation
on a CD and later claimed that the CD contained some confidential data. The fact that the CD
contained such data is itself not substantiated by the journalist.
In this sort of a situation we can only say that the journalist has used "Bribery" to induce a "Out
of normal behavior" of an employee. This is not observation of a fact but creating a factual
incident by intervention. Investigation is still on in this matter.

“Andhra Pradesh Tax Case”Dubious tactics of a prominent businessman from Andhra Pradesh
was exposed after officials of the department got hold of computers used by the accused person.
The owner of a plastics firm was arrested and Rs 22 crore cash was recovered from his house by
sleuths of the Vigilance Department. They sought an explanation from him regarding the
unaccounted cash within 10 days.
The accused person submitted 6,000 vouchers to prove the legitimacy of trade and thought his
offence would go undetected but after careful scrutiny of vouchers and contents of his computers
it revealed that all of them were made after the raids were conducted.
It later revealed that the accused was running five businesses under the guise of one company
and used fake and computerized vouchers to show sales records and save tax.

“Parliament Attack Case”

 10

Bureau of Police Research and Development at Hyderabad had handled some of the top cyber
cases, including analysing and retrieving information from the laptop recovered from terrorist,
who attacked Parliament. The laptop which was seized from the two terrorists, who were gunned
down when Parliament was under siege on December 13 2001, was sent to Computer Forensics
Division of BPRD after computer experts at Delhi failed to trace much out of its contents.
The laptop contained several evidences that confirmed of the two terrorists’ motives, namely the
sticker of the Ministry of Home that they had made on the laptop and pasted on their ambassador
car to gain entry into Parliament House and the the fake ID card that one of the two terrorists was
carrying with a Government of India emblem and seal.
The emblems (of the three lions) were carefully scanned and the seal was also craftly made along
with residential address of Jammu and Kashmir. But careful detection proved that it was all
forged and made on the laptop.

“Sony Sambandh.Com Case”

India saw its first cybercrime conviction recently. It all began after a complaint was filed by
Sony India Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non
Resident Indians. The website enables NRIs to send Sony products to their friends and relatives
in India after they pay for it online.
The company undertakes to deliver the products to the concerned recipients. In May 2002,
someone logged onto the website under the identity of Barbara Campa and ordered a Sony
Colour Television set and a cordless head phone. She gave her credit card number for payment
and requested that the products be delivered to Arif Azim in Noida. The payment was duly
cleared by the credit card agency and the transaction processed. After following the relevant
procedures of due diligence and checking, the company delivered the items to Arif Azim.
At the time of delivery, the company took digital photographs showing the delivery being
accepted by Arif Azim.
The transaction closed at that, but after one and a half months the credit card agency informed
the company that this was an unauthorized transaction as the real owner had denied having made
the purchase.
The company lodged a complaint for online cheating at the Central Bureau of Investigation
which registered a case under Section 418, 419 and 420 of the Indian Penal Code.
 11

The matter was investigated into and Arif Azim was arrested. Investigations revealed that Arif
Azim, while working at a call centre in Noida gained access to the credit card number of an
American national which he misused on the company’s site.The CBI recovered the colour
television and the cordless head phone.In this matter, the CBI had evidence to prove their case
and so the accused admitted his guilt. The court convicted Arif Azim under Section 418, 419 and
420 of the Indian Penal Code — this being the first time that a cybercrime has been convicted.
The court, however, felt that as the accused was a young boy of 24 years and a first-time convict,
a lenient view needed to be taken. The court therefore released the accused on probation for one
year.
The judgment is of immense significance for the entire nation. Besides being the first conviction
in a cybercrime matter, it has shown that the the Indian Penal Code can be effectively applied to
certain categories of cyber crimes which are not covered under the Information Technology Act
2000. Secondly, a judgment of this sort sends out a clear message to all that the law cannot be
taken for a ride.

There are certain causes which end up as Cyber Fraud in India, “quick money”, this group is
motivated by greed for a faster way of earning money especially e-commerce and e-banking data
information, with the sale aim of committed fraud and swindling money off unsuspecting
customers. “Misconception of fighting a just cause”, cyber-crime can be committed to fighting a
cause one believes in, to cause threat and often damages that affect the recipients adversely. This
is the most harmful of all the causes of cyber-crime. Those involved they believe they are
fighting a just cause and do not mind who or what they destroy in their quest to achieve their
goals. These are cyber-terrorists. “capacity to store data in comparatively small space”,
computers have unique characteristics of storing data in minimal space. This affords removing
or to derive information through physical or virtual medium makes it much more manageable .
“Classified/Confidential information being stored online”, data from security firms, specific
databases, financial institutes and even governmental organizations is stored online and on
networks. This allows cybercriminals to initiate unauthorized access and use it for their own
needs. Complex technology can be manipulated and firewalls can be bypassed, allowing
criminals to access security codes, bank accounts and other information.
 12

By now in this article it is evident that the IT act 2000 surrounds all the regulations relating to
cybercrime in India. The IT Act is prominent in the entire Indian legal framework, as it directs
the whole investigation process for governing cyber crimes. Following are the appropriate
sections: (Section 43 IT ACT , 2000): This section of the IT Act applies to individuals who
indulge in cyber crimes such as damaging the computers of the victim, without taking the due
permission of the victim. In such a situation, if a computer is damaged without the owner’s
consent, the owner is fully entitled to a refund for the complete damage.12 (Section 66 IT ACT ,
2000): Applies to any conduct described in Section 43 that is dishonest or fraudulent. There can
be up to three years of imprisonment in such instances, or a fine of up to Rs. 5 lakh.13, Section
66B: This section describes the penalties for fraudulently receiving stolen communication
devices or computers, and confirms a possible three-year prison sentence. Depending on the
severity, a fine of up to Rs. 1 lakh may also be imposed.14Section 66C15: The focus of this section
is digital signatures, password hacking, and other forms of identity theft. Thi section imposes
imprisonment upto 3 years along with one lakh rupees as a fine. Section 66D16: This section
involves cheating by personation using computer Resources. Punishment if found guilty can be
imprisonment of up to three years and/or up-to Rs 1 lakh fine.Section 66E17: Taking pictures of
private areas, publishing or transmitting them without a person’s consent is punishable under this
section. Penalties, if found guilty, can be imprisonment of up to three years and/or up-to Rs 2
lakh fine.Section 66F: Acts of cyber terrorism. An individual convicted of a crime can face
imprisonment of up to life. An example: When a threat email was sent to the Bombay Stock
Exchange and the National Stock Exchange, which challenged the security forces to prevent a
terror attack planned on these institutions. The criminal was apprehended and charged under
Section 66F of the IT Act.Section 67: This involves electronically publishing obscenities. If
convicted, the prison term is up to five years and the fine is up to Rs 10 lakh.18

If IT ACT is not sufficient to cover specific cyber crimes, law enforcement agencies can apply
the following IPC sections: Section 29219: The purpose of this section was to address the sale of
12
Section 43 Information Technology Act 2000 India.
13
Section 66 Information Technology Act 2000 India.
14
Section 66B Information Technology Act 2000 India.
15
Section 66C Information Technology Act 2000 India.
16
Section 66D Information Technology Act 2000 India
17
Section 66E Information Technology Act 2000 India
18
Section 66E Information technology act 2000 India
19
Section 292 IPC 1860
 13

obscene materials, however, in this digital age, it has evolved to deal with various cyber crimes
as well. A manner in which obscene material or sexually explicit acts or exploits of children are
published or transmitted electronically is also governed by this provision. The penalty for such
acts is imprisonment and fines up to 2 years and Rs. 2000, respectively. The punishment for any
of the above crimes may be up to five years of imprisonment and a fine of up to Rs. 5000 for
repeat (second-time) offenders.Section 354C20: In this provision, cyber crime is defined as taking
or publishing pictures of private parts or actions of a woman without her consent. In this section,
voyeurism is discussed exclusively since it includes watching a woman’s sexual actions as a
crime. In the absence of the essential elements of this section, Section 292 of the IPC and Section
66E of the IT Act are broad enough to include offences of an equivalent nature. Depending on
the offence, first-time offenders can face up to 3 years in prison, and second-time offenders can
serve up to 7 years in prison.Section 354D Stalking, including physical and cyberstalking, is
described and punished in this chapter. The tracking of a woman through electronic means, the
internet, or email or the attempt to contact her despite her disinterest amounts to cyber-stalking.
This offence is punished by imprisonment of up to 3 years for the first offence and up to 5 years
for the second offence, along with a fine in both cases. 

20
Section 354C IPC 1860